Commit

default VerifyHostKeyDNS to no
laffer1 committed Dec 26, 2023
1 parent 0b59725 commit 296dd67
Showing 3 changed files with 1 addition and 11 deletions.
6 changes: 0 additions & 6 deletions crypto/openssh/readconf.c
Expand Up @@ -2592,14 +2592,8 @@ fill_default_options(Options * options)
options->rekey_limit = 0;
if (options->rekey_interval == -1)
options->rekey_interval = 0;
#if HAVE_LDNS
if (options->verify_host_key_dns == -1)
/* automatically trust a verified SSHFP record */
options->verify_host_key_dns = 1;
#else
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
#endif
if (options->server_alive_interval == -1)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
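Review bot: The commit message gives no rationale for dropping the `#if HAVE_LDNS` branch, and in this hunk that is a behaviour change for LDNS builds: the removed branch set `options->verify_host_key_dns = 1` ("automatically trust a verified SSHFP record"), while every build now falls through to `options->verify_host_key_dns = 0`. Please record the reason in the commit message and flag the change for people upgrading, since anyone who relied on SSHFP verification being on by default now has to set `VerifyHostKeyDNS yes` explicitly and will otherwise be handled by known_hosts checks and the `StrictHostKeyChecking` setting.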
1 change: 0 additions & 1 deletion crypto/openssh/ssh_config
Expand Up @@ -44,5 +44,4 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
# VerifyHostKeyDNS yes
# VersionAddendum MidnightBSD-20230627
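Review bot: Deleting `# VerifyHostKeyDNS yes` leaves the sample ssh_config with no entry for this option, while neighbouring lines such as `# RekeyLimit 1G 1h` remain as commented reference values. Consider replacing the line with `# VerifyHostKeyDNS no` instead of removing it, so the file shows the new default and administrators still have a visible line to uncomment and change.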
5 changes: 1 addition & 4 deletions crypto/openssh/ssh_config.5
Expand Up @@ -1991,10 +1991,7 @@ need to confirm new host keys according to the
.Cm StrictHostKeyChecking
option.
The default is
.Cm yes
if compiled with LDNS and
.Cm no
otherwise.
.Cm no .
.Pp
See also
.Sx VERIFYING HOST KEYS
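Review bot: The manual page text changes at "The default is" but the file's diff stat (1 addition, 4 deletions) is fully accounted for by this hunk, so the page's document date is not updated alongside the content. If the project bumps the `.Dd` date when a page's content changes, do that in this commit. The new `.Cm no .` line itself is correct mdoc, with the trailing period passed as a separate argument.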